Network Security Scenario

Transcription

1 Network Security Scenario Jeffrey Wheatman Notes accompany this presentation. Please select Notes Page view. These materials can be reproduced only with written approval from Gartner. Such approvals must be requested via Gartner is a registered trademark of Gartner, Inc. or its affiliates.

2 Network Security Sea Change Threats don't stay still networks aren't, either Your father's DMZ zone won't work for changing networks moving upward and onward Effectiveness and efficiency - Build security into the network for well-known threats - Rapid evaluation of new approaches for dealing with new threats - "Baking" security into every new network services What if none of the endpoints are managed?

4 There Will Always Be a Perimeter Neither "all network" nor "all host" safeguards are feasible The edge changes and gets more complex but doesn't go away Coordinated safeguard approach rather than a single safeguard Unmanaged endpoints will only increase

8 The Need for a Separate Security Control Plane Guidance Decision not accident Hybrids can be worst of both approaches A security decision Foundation design principle Can always change back Infrastructure vendor products can be used for a control plane, but this is not the default Asset Dynamic Move Packets Vulnerabilities Costly Block Packets Secure Configuration Kernalized and Evaluated Infrastructure Security Costly

9 Web Application Firewalls Can openers: Great idea, but you only need one Market pressure has led to good standardization Use of Web application firewall evaluation criteria for selection against criteria Market divided: In-the-ADC or stand-alone In-the-ADC has enterprise advantage but is not leading in features True competition is with code/application scanners PCI will drive some increase

12 Network and Host Security Will Communicate but Not Become One Benefits - Buying center - Some efficiencies and early warning - Signature enablement Problems - Conflicting blocking policies - Operations and business knowledge across network/host boundary is limited

13 Encryption of MPLS and Internal Links Remains Niche Encryption can "blind" WOCs, IPSs, NBA, firewalls High cost and disruption Drop-in appliance approach is most common approach Overlay approach from Cisco GET VPN Longhorn brings IPsec, but authentication only Quantum cryptography will remain niche until at least 2011

14 In the Cloud Non-CPE Moved easily into the cloud: - Distributed denial of service - spam/antivirus -Firewall More problematic: -IPS -CMF - Anti-phishing New pricing/availability Carrier/ISP Enterprise

Deploying Firewalls Throughout Your Organization Avoiding break-ins requires firewall filtering at multiple external and internal network perimeters. Firewalls have long provided the first line of defense

On and off premises technologies Which is best for you? We don t mind what you buy, as long as it is YELLOW! Warren Sealey and Paul-Christian Garpe On Premises or in the cloud? 1 Agenda Why Symantec? Email

Cybersecurity: An Innovative Approach to Advanced Persistent Threats SESSION ID: AST1-R01 Brent Conran Chief Security Officer McAfee This is who I am 2 This is what I do 3 Student B The Hack Pack I used

A firewall is a software- or hardware-based network security system that allows or denies network traffic according to a set of rules. Firewalls can be categorized by their location on the network: A network-based

Securing the Small Business Network Keeping up with the changing threat landscape Table of Contents Securing the Small Business Network 1 UTM: Keeping up with the Changing 2 Threat Landscape RFDPI: Not

Gartner IT Security Summit 2005 6 8 June 2005 Marriott Wardman Park Hotel Washington, District of Columbia These materials can be reproduced only with Gartner's written approval. Such approvals must be

White Paper Readiness Assessments: Vital to Secure Mobility What You Will Learn Mobile devices have been proven to increase employee productivity and job satisfaction, but can also pose significant threats

Network Security Intertech Associates, Inc. Agenda IT Security - Past to Future Security Vulnerabilities Protecting the Enterprise What do we need in each site? Requirements for a Security Architecture

with Cloud-Based Security Services > White Paper It s a phenomenon and a fact: employees are always on today. They connect to the network whenever they want, from wherever they happen to be, with laptops,

Acceleration, Optimization, Security and the Data Center: Application Delivery s Next Step Robin Layland Layland Consulting April 2009 The economic downturn is putting pressure on IT to reduce costs and

McAfee - Overview Anthony Albisser Channel Account Manager About McAfee Founded in 1987, McAfee is now the world s largest dedicated security company (acquired by Intel in 2011) Global research for real-time

COUNTERSNIPE WWW.COUNTERSNIPE.COM COUNTERSNIPE SYSTEMS LLC RELEASE 7.0 CounterSnipe s version 7.0 is their next major release and includes a completely new IDS/IPS leveraging high performance scalability

EXTENDING THREAT PROTECTION AND WHITEPAPER CLOUD-BASED SECURITY SERVICES PROTECT USERS IN ANY LOCATION ACROSS ANY NETWORK It s a phenomenon and a fact: employees are always on today. They connect to the

Total Cost of Ownership: Benefits of Comprehensive, Real-Time Gateway Security White Paper September 2003 Abstract The network security landscape has changed dramatically over the past several years. Until

White Paper ZyWALL USG Trade-In Program Table of Contents Introduction... 1 The importance of comprehensive security appliances in today s world... 1 The advantages of the new generation of zyxel usg...

10 easy steps to secure your retail network Simple step-by-step IT solutions for small business in retail to leverage advanced protection technology in ways that are affordable, fast and easy October 2015

Q & A Cisco Small Business ISA500 Series Integrated Security Appliances Q. What is the Cisco Small Business ISA500 Series Integrated Security Appliance? A. The Cisco Small Business ISA500 Series Integrated

White Paper Five Steps For Securing The Data Center: Why Traditional Security May Not Work What You Will Learn Data center administrators face a significant challenge: They need to secure the data center

CoIP (Cloud over IP): The Future of Hybrid Networking An overlay virtual network that connects, protects and shields enterprise applications deployed across cloud ecosystems The Cloud is Now a Critical

The Security Scenario 2005: The Future of Information Security Notes accompany this presentation. Please select Notes Page view. These materials can be reproduced only with Gartner s official approval.

Firewalls and VPNs Principles of Information Security, 5th Edition 1 Learning Objectives Upon completion of this material, you should be able to: Understand firewall technology and the various approaches

ITS335: IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 25 October 2013 its335y13s2l08, Steve/Courses/2013/s2/its335/lectures/firewalls.tex,

Putting Web Threat Protection and Content Filtering in the Cloud Why secure web gateways belong in the cloud and not on appliances Contents The Cloud Can Lower Costs Can It Improve Security Too?. 1 The

WHITE PAPER Securing the Intelligent Network Securing the Intelligent Network New Threats Demand New Strategies The network is the door to your organization for both legitimate users and would-be attackers.

Configuration Guide How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Cisco Firewall Overview This document describes how to implement IPSec with pre-shared secrets establishing

Enabling Business Beyond the Corporate Network Secure solutions for mobility, cloud and social media 3 Trends Transforming Networks and Security Are you dealing with these challenges? Enterprise networks

Carbon Black and Palo Alto Networks Bring Together Next-Generation Endpoint and Network Security Solutions Endpoints and Servers in the Crosshairs of According to a 2013 study, 70 percent of businesses

Overview The term BFSI stands for Banking, Financial Services and Insurance (BFSI). This term is widely used to address those companies which provide an array of financial products or services. Financial

Complliiance Componentt DEEFFI INITION Description Rationale Firewall Environments Firewall Environment is a term used to describe the set of systems and components that are involved in providing or supporting

Connecting an Android to a FortiGate with SSL VPN This recipe describes how to provide a group of remote Android users with secure, encrypted access to the network using FortiClient and SSL VPN. You must

a constant endeavor The IT Protection Mission a constant endeavor As businesses become more and more dependent on IT, IT must face a higher bar for preparedness Cyber preparedness is the process of ensuring

Next Gen Firewall and UTM Buyers Guide Implementing and managing a network protected by point solutions is far from simple. But complete protection doesn t have to be complicated. This buyers guide explains

MOBILITY & INTERCONNECTIVITY Features SECURITY OF INFORMATION TECHNOLOGIES Frequent changes to the structure of enterprise workforces mean that many are moving away from the traditional model of a single

Why Datacenter Migration Is Challenging for Enterprises Datacenter migration projects are usually complex and involve considerable planning and coordination between multiple teams, including network, security,

Best Practices for Secure Mobile Access A guide to the future. Abstract Today, more people are working from more locations using more devices than ever before. Organizations are eager to reap the benefits